January 7, 2015 at 1:50 pm
As the title says.. I am looking to implenet TDE. I was looking at this article
http://msdn.microsoft.com/en-us/library/bb934049(v=sql.110).aspx
Before proceeding with these steps I wanted to look a little more at the CREATE MASTER KEY command
http://msdn.microsoft.com/en-us/library/ms174382.aspx
This led to some confusion for me. Should the Master Key be created against master or the database you plan to encrypt? Can someone explain to me when and why you would create one on master vs the user database (like adventureworks in the second link).
January 7, 2015 at 2:39 pm
dmc-608719 (1/7/2015)
As the title says.. I am looking to implenet TDE. I was looking at this articlehttp://msdn.microsoft.com/en-us/library/bb934049(v=sql.110).aspx
Before proceeding with these steps I wanted to look a little more at the CREATE MASTER KEY command
http://msdn.microsoft.com/en-us/library/ms174382.aspx
This led to some confusion for me. Should the Master Key be created against master or the database you plan to encrypt? Can someone explain to me when and why you would create one on master vs the user database (like adventureworks in the second link).
Firstly, see my article at this link[/url]
To recap, you create the DMK in the master database so that it's available server wide, the certificate you create is also created in the master database. You create the DEK in the database you want to enable for TDE, this key is protected by the master Certificate which has its private key protected by the masters DMK which in turn is protected by the SMK. Have a read through the link and if you're still stuck post back
-----------------------------------------------------------------------------------------------------------
"Ya can't make an omelette without breaking just a few eggs" 😉
January 9, 2015 at 2:36 pm
Thanks for the info.
January 16, 2015 at 12:49 pm
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply